#
a9c0d8be |
| 07-Sep-2017 |
David Benjamin |
Rename SSL_CTX_set_early_cb to SSL_CTX_set_client_hello_cb. "Early callback" is a little ambiguous now that early data exists. Perhaps "ClientHello callback"? Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4349)
|
#
fa4b82cc |
| 06-Sep-2017 |
Alfred E. Heggestad |
add callback handler for setting DTLS timer interval Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/4011)
|
#
67738645 |
| 03-Aug-2017 |
Matt Caswell |
Add functions for getting/setting SNI/ALPN info in SSL_SESSION Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3926)
|
#
98e1d934 |
| 08-Jul-2017 |
Matt Caswell |
Add SSL_SESSION_set_max_early_data() Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3926)
|
#
50966bfa |
| 22-Aug-2017 |
Paul Yang |
Introduce SSL_CIPHER_get_protocol_id The returned ID matches with what IANA specifies (or goes on the wire anyway, IANA notwithstanding). Doc is added. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4107)
|
#
0aed6e44 |
| 01-Aug-2017 |
Benjamin Kaduk |
Add SSL_get_pending_cipher() The existing function SSL_get_current_cipher() queries the current session for the ciphersuite in use, but there is no way for application code to determine what ciphersuite has been negotiated and will be used in the future, prior to ChangeCipherState (or the TLS 1.3 equivalent) causing the new cipher to take effect and become visible in the session information. Expose this information to appropriate application callbacks to use during the handshake. The name SSL_get_pending_cipher() was chosen for compatibility with BoringSSL's routine of that name. Improve the note on macro implementations in SSL_get_current_cipher.pod while here. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4070)
|
#
07927bed |
| 02-Aug-2017 |
Matt Caswell |
Add an SSL_SESSION_dup() function Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4072)
|
#
a58eb06d |
| 13-Jan-2017 |
Todd Short |
Add support to free/allocate SSL buffers OpenSSL already has the feature of SSL_MODE_RELEASE_BUFFERS that can be set to release the read or write buffers when data has finished reading or writing. OpenSSL will automatically re-allocate the buffers as needed. This can be quite aggressive in terms of memory allocation. This provides a manual mechanism. SSL_free_buffers() will free the data buffers if there's no pending data. SSL_alloc_buffers() will realloc them; but this function is not strictly necessary, as it's still done automatically in the state machine. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2240)
|
#
bbb4ceb8 |
| 29-Jun-2017 |
Paul Yang |
Support converting cipher name to RFC name and vice versa Fixes: issue #3747 make SSL_CIPHER_standard_name globally available and introduce a new function OPENSSL_cipher_name. A new option '-convert' is also added to 'openssl ciphers' app. Documentation and test cases are added. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/3859)
|
#
5a43d511 |
| 12-Jun-2017 |
Matt Caswell |
Add SSL_SESSION_set_protocol_version() Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3670)
|
#
1a993d1d |
| 12-Jun-2017 |
Matt Caswell |
Add SSL_SESSION_set_cipher() Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3670)
|
#
911d63f2 |
| 12-Jun-2017 |
Matt Caswell |
Add SSL_SESSION_set1_master_key() Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3670)
|
#
ba4df682 |
| 12-Jun-2017 |
Matt Caswell |
Add a function to get the handshake digest for an SSL_CIPHER Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3670)
|
#
f46184bd |
| 12-Jun-2017 |
Matt Caswell |
Add public API functions for setting TLSv1.3 PSK callbacks Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3670)
|
#
193b5d76 |
| 16-Mar-2017 |
Benjamin Kaduk |
Add SSL_early_get1_extensions_present() It is an API to be used from the early callback that indicates what extensions were present in the ClientHello, and in what order. This can be used to eliminate unneeded calls to SSL_early_get0_ext() (which itself scales linearly in the number of extensions supported by the library). Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2976)
|
#
84c34ba8 |
| 10-Apr-2017 |
Matt Caswell |
Extend the SERVERINFO file format to include an extensions context This enables us to know what messages the extensions are relevant for in TLSv1.3. The new file format is not compatible with the previous one so we call it SERVERINFOV2. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3298)
|
#
c649d10d |
| 05-Apr-2017 |
Todd Short |
TLS1.3 Padding Add padding callback for application control Standard block_size callback Documentation and tests included Configuration file/s_client/s_server option Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3130)
|
#
e586eac8 |
| 21-Mar-2017 |
Matt Caswell |
Add support for SSL_SESSION_is_resumable() Provide a way to test whether the SSL_SESSION object can be used to resume a session or not. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3008)
|
#
43ae5eed |
| 05-Apr-2017 |
Matt Caswell |
Implement a new custom extensions API The old custom extensions API was not TLSv1.3 aware. Extensions are used extensively in TLSv1.3 and they can appear in many different types of messages. Therefore we need a new API to be able to cope with that. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3139)
|
#
8edb4ee1 |
| 31-Mar-2017 |
Dr. Stephen Henson |
update ordinals Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3015)
|
#
0665b4ed |
| 02-Mar-2017 |
Matt Caswell |
Rename SSL_write_early() to SSL_write_early_data() This is for consistency with the rest of the API where all the functions are called *early_data*. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2737)
|
#
f533fbd4 |
| 02-Mar-2017 |
Matt Caswell |
Rename SSL_read_early() to SSL_read_early_data() This is for consistency with the rest of the API where all the functions are called *early_data*. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2737)
|
#
3eaa4170 |
| 27-Feb-2017 |
Matt Caswell |
Make SSL_write_early_finish() an internal only function Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2737)
|
#
fcc47578 |
| 24-Feb-2017 |
Matt Caswell |
Add a SSL_SESSION_get_max_early_data() function Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2737)
|
#
1ea4d09a |
| 22-Feb-2017 |
Matt Caswell |
Construct the server side early_data extension Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2737)
|